Blazor Server GraphServiceClient not authenticated in wrapper library

By -

I have a Blazor Server application that authenticates users through AAD. I'm using the Microsoft Graph SDK to query user info such as photo, etc., which I can do using DI to get the GraphServiceClient directly within a component in the Blazor Server app.

[Inject] private GraphServiceClient GraphServiceClient { get; set; }

However, for testing purposes, I've created a wrapper around the GraphServiceClient called IGraphService in another library within the same solution. This is where the problem occurs and the GraphServiceClient fails authentication with:

No account or login hint was passed to the AcquireTokenSilent call

My code is set up as follows:

Program.cs

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
                .EnableTokenAcquisitionToCallDownstreamApi(builder.Configuration.GetValue<string>("Graph:Scopes")?.Split(' '))
                .AddMicrosoftGraph(builder.Configuration.GetSection("Graph"))
                .AddInMemoryTokenCaches();

builder.Services.AddScoped<IGraphService, GraphService>();

appsettings.json

"AzureAd": {
    "Instance": "https://login.microsoftonline.com",
    "Domain": "{domain}.onmicrosoft.com",
    "CallbackPath": "/signin-oidc",
    "TenantId": "{tenantId}",
    "ClientId": "{clientId}",
    "ClientSecret": "{clientSecret}"
},
"Graph": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read user.readbasic.all"
},

The part of the implementation of the GraphService I created to wrap the GraphServiceClient that tries to set up the GraphServiceClient:

return new GraphServiceClient(new DelegateAuthenticationProvider((requestMessage) =>
                {
                    string[] scopes = new[] { "user.read", "user.readbasic.all" };
                    ITokenAcquisition tokenService = _contextAccessor.HttpContext.RequestServices.GetRequiredService<ITokenAcquisition>();
                    var token = tokenService.GetAccessTokenForUserAsync(scopes);     <-- FAILS!!!

                    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Result);
                    return Task.FromResult(0);
                }));

Clearing my cookies, this works fine the first time the app runs, but on restarts, it fails with the same message. Injecting the GraphServiceClient directly into a component works fine too, but I'm trying to wrap it so the components are loosely coupled.

Additionally, if I pass the AccessToken from the Blazor Server project to the wrapper library, it works fine too, but I want to avoid that.

What am I missing? Is my setup not right? Thanks for any help or pointers :)

Update 1

To simplify the issue, I have a component on a page and I can successfully request the user's token in that component, every time.

public sealed partial class HeaderBar
    {
        [Inject] private ITokenAcquisition TokenAcquisition { get; set; } = null!;
        [Inject] private IGraphService GraphService { get; set; } = null!;

        protected override async Task OnInitializedAsync()
        {
            try
            {
                // this works every time!
                string token = await TokenAcquisition.GetAccessTokenForUserAsync(new[] { "user.read", "user.readbasic.all" });

                var photo = await GraphService.GetUserPhoto();
                ...
            }
            catch (Exception ex)
            {
                ...
            }
        }
    }

As you can see, I'm not doing anything with the token, but if I remove that line, the same line within the GraphService fails. It will only succeed and get a token if I make the same call within the component first.

I've tried moving the code to the App.razor, but it fails there too.



Comments

Post a Comment

Popular posts from this blog

Spring Elasticsearch Operations

By -
Elasticsearch Operations Spring Data Elasticsearch uses two interfaces to define the operations that can be called against an Elasticsearch index. These are ElasticsearchOperations and ReactiveElasticsearchOperations. Whereas the first is used with the classic synchronous implementations, the second one uses reactive infrastructure. The default implementations of the interfaces offer: Read/Write mapping support for domain types. A rich query and criteria api. Resource management and Exception translation. ElasticsearchTemplate The ElasticsearchTemplate is an implementation of the ElasticsearchOperations interface using the Transport Client. @Configuration public class TransportClientConfig extends ElasticsearchConfigurationSupport {   @Bean   public Client elasticsearchClient() throws UnknownHostException {                      Settings settings = Settings.builder().put("cluster.name", "elasticsearch")....
Read more

Hibernate Search - Elasticsearch with JSON manipulation

By -
Elasticsearch with JSON manipulation Elasticsearch ships with many features. It is possible that at some point, one feature you need will not be exposed by the Search DSL. To work around such limitations, Hibernate Search provides ways to: Transform the HTTP request sent to Elasticsearch for search queries. Read the raw JSON of the HTTP response received from Elasticsearch for search queries. Direct changes to the HTTP request may conflict with Hibernate Search features and be supported differently by different versions of Elasticsearch. Similarly, the content of the HTTP response may change depending on the version of Elasticsearch, depending on which Hibernate Search features are used, and even depending on how Hibernate Search features are implemented. Thus, features relying on direct access to HTTP requests or responses cannot be guaranteed to continue to work when upgrading Hibernate Search, even for micro upgrades (x.y.z to x.y.(z+1)). Use this at your own risk....
Read more

Today Walkin 14th-Sept

By -
Image
14th Sept 2017 ( GO Through all List) Read Walkin details properly , Try to call company before attending if possible !!! ==================================== 1. Myntra through fresherworld (Call Based , Venue shared to shortlisted candidates) _____________________________ 2. Magna : Hiring for Client Harman : C++
Read more